Quantum Cryptography

I am extremely skeptical about quantum cryptography. First all of the articles I have read about the technology use the same mathematical concepts to encrypt and decrypt a message.

Nothing about quantum cryptography actually changes physical characteristics of math. That is obvious.

There have been mentions that the act of eavesdropping could never happen either which is more absolute ********. A man in the middle attack is a man in the middle attack regardless. Relaying a message after interception does not change the physical properties of the message in a public key encryption system.

In fact... I know of no "eavesdroppers" in the current world of encryption/decryption hacks. You cannot watch a message going by without actually intercepting it. There is nothing that I can even begin to accept as a possible reality about this supposed new cryptography.

I think it's total hype and am ready to call it a flat out con. Can anybody tell me otherwise?

I am extremely skeptical about quantum cryptography. First all of the articles I have read about the technology use the same mathematical concepts to encrypt and decrypt a message.

Nothing about quantum cryptography actually changes physical characteristics of math. That is obvious.

It is important to understand that QC is not really just a mathematical algorithm: it is a set of methods/techniques that when combined allow us to prevent (well, at least detect) eavesdropping. The methods involve not only the algorithm (of which there are several) but also the "hardware"; i.e. the equipment used to produce/detect single photons, entangle them etc. QC is only 100% safe if both the "software" (the algorithm) and the hardware works (and there is a mathematical proof showing that it IS really 100% secure, unless there is fundamental flaw in our understanding of QM).
At present the main problem is the hardware, mainly problems with the reliability of single photon generators. Hence, the math is not really the problem.

But mgb_phys is right in saying that QC is not really solving a serious problem since current encryption algorithms are very good and optical fibres easy to protect.
That said. there is enough commercial/military interest to fund to a lot of research in this area, and it is likely that we will see at least some real world applications of this technique.

I suspect that the "killer app" will be satellite communication where eavesdropping is obviously an issue; you can protect a fibre but it is not as easy to protect a laser beam that is being used to send/transmit information to a satellite.
Satellite communication using QC was demonstrated a few months ago.

Even with the correct hardware QC doesn't protect you from man in the middle.
It does stop you detecting leaked radiation from the fibre but it doesn't stop me cutting the fibre and installing the same brand of QC receiver the other party is using.
You then send a perfectly quantum encrypted buy order for MS stock, I intercept using my identical CISCO grunt-meister 4000 and then transmit a perfectly quantum encrypted buy order for Ford stock to the original destination.
To stop this you have to use public key encryption (as in SSL) but if you are suing PKI and strong encryption you really don't the Quantum stuff.

Remember aswell that any interaction with the photon destroys the quantum properties so it cannot go through any kind of repeater, booster amplifier or switch - which rather limits it's applications.

It does stop you detecting leaked radiation from the fibre but it doesn't stop me cutting the fibre and installing the same brand of QC receiver the other party is using.

I assume you are now assuming that the sender has no way of identifying the sender/receiver, i.e. Eve "pretends" to be the receiver/transmitter by faking the contents of the messages; i.e. it is an "active" attack.
Otherwise this would just be a standard intercept/resend attack which all standard QC protocols (BB84 etc) will protect you from; there is no way of breaking a QC protocol by simply "passively" resending information.

Staff: Mentor

As long as there countries on earth fighting each other, here is always scope for higher security.
Remember, after the Diffie-Hellman algo was published, the British secret agency announced they had invented in earlier, but it was kept as a classified secret.

There is always a need for higher security, although the driver is often money rather than military.

QC only protects you against eavesdropping for a particular technical definition of eavesdropping. It doesn't protect you from any real world interception. But it is being sold on that basis to gullible businesses and hopefully less gullible national security agencies. It's like a bank having a problem with forged notes and deciding the solution is to have stronger armored cars.

Ironically keeping encryption algorithms secret is the worst thing to do. GCHQ didn't keep public key secret to stop people cracking it , they kept it secret because the idea was useful and they didn't want anyone else to use it. The actual algorithms used to secure secret data are all published and result from open competition.

Even with the correct hardware QC doesn't protect you from man in the middle.
It does stop you detecting leaked radiation from the fibre but it doesn't stop me cutting the fibre and installing the same brand of QC receiver the other party is using.

QC would only be used to transmit the key, hence if you cut the fibre and try and transmit false data as you suggest your encryption will not match what the recipient expects (the result will be garbage) and this will be detected.

Similarly even if you manage to acquire the data by cutting the fibre and listening it will be meaningless to you as it will be encrypted.

It is not true to say that QC is trying to solve a problem that "Isn't there". Key transmission is the major issue with security today and QC eliminates it, hence 100% secure.

The problem with key exchange is knowing that the person sending you their public key is knowing that they are who they claim they to be.
Alice transmits her public key to Bob over quantum fibre, Carol is in the middle.
Carol received a perfectly quantum encrypted public key from Alice, and sends her own to Bob who assumes it comes from Alice. Must be valid 'cos it's quantum!

There are ways around this with web-of-trust etc, but they work just as well if you comms channel is carrier pigeons.

Clearly if Carol intercepts both the classical and quantum channels and completely pretends to be Bob then yes, QC will not work. However this seems like an unlikely scenario. Nowadays keys are often carried by channels such as courier, which is the major risk.

I think it's very obvious that Quantum Cryptography should be renamed Quantum Communications or Transmission.

Encryption is mathematical. To call it anything else is a gimmick which borders fraudulent. Jmo

How would you agree the timing between Alice and Bob without Carol intercepting the message and telling Bob the wrong time?

That would require sync. I am not entirely sure you could achieve synchronized transmission with the internet. It was never designed to be that way. Everything is relayed through any number proxies, caches or hardware devices which are ready to drop the transmission and "retry" should a packet drop.

If synchronization is the key component to the security technology in question the connection would have to be non-susceptible to any sort of natural interference in order to "detect" an eavesdropper. The connection would have to be 100% reliable and secure at all times to "catch" somebody otherwise you would spend all your days chasing ghosts...

This technology does not rely on the Quanta... it relies on a new system of cables, hardware devices, ect... the benefits are still questionable after all the money is spent too. The real problem isn't with encryption.

I think it's a stretch to call it a "flat out con" as the OP has done.

If I began selling solar powered cars which were instead batteries that were manufactured and charged independent of the car, a new fuel cell being required to be purchased from the manufacturer after each battery was expended.

Would you call it a con?

Encryption is mathematical. It is a poor choice of terminology which very deceptively attempts to use another technology to solve a problem which it doesn't.

If I sold cars and called them non-rechargeable battery powered cars. Then would you accept it for exactly what it is and look to spend your money elsewhere?

Maybe calling it a con is too harsh. In any event... no advancements in cryptography have been made. It should be renamed to a communications/transmissions technology as that is what it is. jmo...

For real world purposes... highly impractical as well. For the Pentagon? I would think otherwise if British civilians hadn't recently breached their security by means of the internet. If the Pentagon needs a "closed circuit" security system, make one. You don't need to re-engineer the planet as the security system itself, as a whole, would by no means be more secure. It's transmission might be more reliable however.

I'd expect banks to be more interested in this to be honest. If a multi-billion dollar organisation was given the opportunity to add a tiny bit of security for a few millions they certainly would.

Only if they are losing money because of intercepted communications by somebody that has broken AES.
It would cost a lot more than millions because you need a single point-point link, no switches/routers etc. It would have been useful for TJMAX losing all those credit card numbers from the wifi link between it's buildings - but turning on the WPA option on a $20 Dlink would have been enough.

I'm not surprised that the pentagon has lax security by the way ;)

It's not clear what 'hacked into pentagon' means - the web site, the payroll, the 100s of contractor/service systems.
Generally systems are classifed for secure work or connected to the internet but not both. You have to have two machines on your desk. Of course this doesn't stop directors taking secure laptops home and letting their kids play online games on them.